Add TXT record for SPF

Add the SPF TXT record for your domain to help prevent email spam.

Task

What you’ll see

You might already have other strings in the TXT value for this record (such as strings for marketing email), which is fine. Leave those strings in place and add this one, placing double-quotes around each string to separate them.

In the New Resource Record dialog box, make sure that the fields are set to precisely the following values.

Important In some versions of Windows DNS Manager, the domain may have been set up so that when you create a txt record, the home name defaults to the parent domain. In this situation, when adding a TXT record, set the host name to blank (no value) instead of setting it to @ or the domain name. This KB article on setting up SPF records has more information.

Host type: @

Record Type: TXT

Address: v=spf1 include:spf.protection.outlook.com -all

We recommend copying and pasting this entry, so that all of the spacing stays correct.

In the Custom Host Names area of the New Resource Record dialog box, make sure that the fields are set to precisely the following values.

Important In some versions of Windows DNS Manager, the domain may have been set up so that when you create a txt record, the home name defaults to the parent domain. In this situation, when adding a TXT record, set the host name to blank (no value) instead of setting it to @ or the domain name. This KB article on setting up SPF records has more information.

Host Name: @

Type: TXT

Address: Paste the Destination or Points to Address value that you just copied from Office 365 here.

Choose OK, and then choose Done.

Verify your domain in Office 365.

Important Wait about 15 minutes before you do this, so the record you just created can update across the Internet.

Go back to Office 365 and follow the steps below to request a verification check. The check looks for the TXT record you added in the previous step. When it finds the correct TXT record, the domain is verified.

Non-routable email address used as a UPN in your on-prem Active Directory

If you're planning to synchronize your on-premises Active Directory with Office 365, you’ll want to make sure that the Active Directory user principal name (UPN) suffix is a valid domain suffix, and not an unsupported domain suffix such as @contoso.local. If you need to change your UPN suffix, we’ve got instructions to help you with that.